Telecommunications companies are now obliged, under new regulations, to enhance network security.

Telecommunications companies are now obliged, under new regulations, to enhance network security.

The Federal Communications Commission (FCC) has unveiled a series of new cybersecurity measures targeting telecom operators, aiming to safeguard domestic communications infrastructure against foreign espionage threats and state-sponsored cyberattacks. These rules come in response to sophisticated campaigns like Salt Typhoon, an espionage operation attributed to China.

Key aspects of the proposed rules include:

1. **Enhanced Ownership Disclosure:** The FCC is establishing a standardized and broadened reporting regime, requiring a wide range of licensees and authorization holders to disclose ownership interests, specifically identifying stakes held by foreign adversaries. This applies to most wireless licensees, spectrum auction applicants, domestic and international Section 214 authorization holders, VoIP providers with FCC numbers, spectrum frequency coordinators, and other recognized telecom entities.

2. **Prohibition of Foreign Adversary Control:** Measures have been put in place to bar foreign adversary entities from ownership or control over telecommunications carriers, service providers, equipment manufacturers, and certification bodies involved in the domestic communications ecosystem.

3. **Equipment Authorization and Supply Chain Security:** The FCC has strengthened its Equipment Authorization Program to ban equipment linked to covered foreign adversaries (e.g., Huawei, ZTE) and is working to revoke previously approved equipment authorizations for devices that continue to pose risks. This also targets legacy equipment embedded in critical infrastructure that allows adversaries to conduct espionage or cyberattacks.

4. **Closing Loopholes and Continuous Oversight:** The FCC emphasizes closing any gaps that allow foreign adversaries to "skirt the rules" by exploiting legacy authorizations or unmonitored devices within telecom networks. Enhanced oversight includes requiring FCC-approved test labs and certification bodies to verify compliance and assess security risks for all covered equipment.

These measures seek to mitigate cyberattacks, espionage, and surveillance threats by foreign adversaries within the U.S. telecommunications supply chain and infrastructure. The FCC’s actions reflect an integrated national security strategy encompassing ownership transparency, equipment security, and supply chain integrity.

The FCC's actions were taken four days before President-elect Donald Trump assumes office, with the new rules based on Section 105 of the Communications Assistance for Law Enforcement Act. The FCC has published a notice of proposed rulemaking, calling for communications services providers to develop and implement cybersecurity and supply chain risk management plans. The declaratory ruling took effect immediately.

However, it is uncertain how these regulatory measures will fare under the incoming administration, as Brendan Carr, Trump's pick to chair the FCC, dissented against the proposed rule and will issue a separate statement at a later date. Cybersecurity and Infrastructure Security Agency Director Jen Easterly, on the other hand, stated that the FCC's actions are an important step in securing the nation's telecommunications infrastructure.

[1] Federal Communications Commission. (n.d.). Proposed rulemaking on foreign ownership of U.S. communications licensees, authorizations, and other regulatory rights. Retrieved from https://docs.fcc.gov/public/attachments/FCC-21-133A1.pdf

[2] Federal Communications Commission. (n.d.). Declaratory ruling on telecommunications carriers and interconnected VoIP providers. Retrieved from https://docs.fcc.gov/public/attachments/FCC-21-133A2.pdf

[4] Federal Communications Commission. (n.d.). Notice of proposed rulemaking on equipment authorization. Retrieved from https://docs.fcc.gov/public/attachments/FCC-21-133A3.pdf

[5] Federal Communications Commission. (n.d.). Notice of proposed rulemaking on cybersecurity and supply chain risk management for telecommunications carriers. Retrieved from https://docs.fcc.gov/public/attachments/FCC-21-133A4.pdf

1. The Federal Communications Commission (FCC) has enacted a new rule that requires communications services providers to develop and implement cybersecurity and supply chain risk management plans as a part of their risk management strategies, aiming to mitigate potential cyberattacks and espionage.
2. The FCC's cybersecurity measures for telecom operators also include prohibiting foreign adversary entities from ownership or control over telecommunications carriers, service providers, equipment manufacturers, and certification bodies to ensure the security of critical technology infrastructure.

Read also: